Which Splunkbase add-on do we need to install to monitor Tomcat logs?
HI, We are looking to monitor Tomcat related logs, and from documentation, we are suggested to install the Splunk Add-on for Java Management Extensions and Splunk Add-on for Tomcat . But we have...
View ArticleWhy do search results return nothing on a calculated check?
I have a summary index that is holding lead information. One of the data points I created was the numeric day the lead was inserted for easy searching. So some of the data looks like: _time="2016-01-01...
View ArticleWhy am I getting error "Invalid date" trying to set now as default value for...
Hi all, I'm trying to set now value for a default setting: 0nowstrftime('earliest', "%F")strftime('latest', "%F") I keep getting an error when I try and run the query with default value for latest....
View ArticleWARN TcpOutputProc - Possible duplication of events with channel=source ...
Why am I getting lots of duplicate events in my indexes? I'm seeing lots of these warnings in my splunkd.log : WARN TcpOutputProc - Possible duplication of events with...
View ArticleDifficulty with use of lookup table
I'm having trouble understanding why I'm getting certain results from the use of lookup tables, any help would be greatly appreciated. My lookup tables: pre-ces-alerts.csv...
View ArticleReplication options?
If I have indexer1 with index a and indexer 2 with index b. Not being clustered or joined together in a farm. Is it possible to individually replicate specific indexes to another indexer without being...
View ArticleHow to edit my regex to extract all expected fields from my sample Blue Coat...
I'm using the following regular expression:...
View Articletransaction with duplicate start events and should be taking the earliest event
Hello All, I'm trying to get the duration from the transaction. The problem here is I've duplicate start events and the transaction is taking the latest duplicate event. Is there a way I can get the...
View ArticleDashboard checkbox creates rename error when selecting more than one box
I've created a dashboard panel checkbox with several items to choose from. When I select any one item and run it, no problems. When I select two or more items, it returns a syntax error with the...
View ArticleHow to add image from URL to a table
Pretty simple question, hopefully it is a simple answer. I have data where one field has a URL of an image. I would like to display it in a table cell. Can anyone think how to accomplish this?
View ArticleSplunk Enterprise 8089 Vulnerability Scan Results: How do I resolve these SSL...
Hello, I'm required to scan my Splunk Enterprise environment for compliance reasons. When I'm scanning my search heads and indexers ,I keep getting multiple SSL errors for the management port 8089....
View ArticleUsing the LinkSwitcher to create a row with a table and chart, how do I use...
Hi, I am currently using LinkSwitcher to create a row with a table and chart. However, I want it to be controlled by a time range picker. However, if I add in the time range picker input in the row...
View ArticleHow to create an alert to trigger based on a current value, and if that value...
I want to alert based off a current value and if that value increases over a threshold within a set time. I want to alert if I have a count of 100 and if it grows to 200 within 30 minutes. The 100...
View ArticleTaking over an old Splunk deployment, how should I get data forwarded to our...
Hello, As I've said in a previous post, I am new to Splunk so please excuse the newb questions. I have been tasked with taking over our Splunk project which was installed about 6 years ago and mostly...
View ArticleHow to edit my props.conf for proper line breaking of a large event by the ∑...
I am having trouble with being able to properly line break an event like the following: Here are the props I am using LINE_BREAKER = (\∑) SHOULD_LINEMERGE = false TIME_PREFIX = <6>...
View ArticleHow do I get license usage per indexer using the Distributed Management Console?
I'm trying to use the licensing dashboard in DCM, splunk 6.4.1. For a 30 day by indexer it runs: `dmc_licensing_base_summary(node065.serverfarm.cornell.edu," ")` |...
View ArticleIs it possible to configure Splunk to support HTTP Strict Transport Security...
Hi, We have a requirement from our security team to have Splunk support HSTS feature. Can this be done? I have seen configuration for other servers like Apache 2 at...
View ArticleHow do we get our summary index search to produce our expected result?
Hi, We are planning to implement summary indexing in our dashboards. As part of it, I have created a scheduled search below which would give us time by hosts, and have enabled summary indexing for this...
View ArticleIssue with TA-connectivity (ping) - Resolution found
I installed TA-connectivity and after turning on the inputs I received the following error in splunkd.log: 07-29-2016 16:10:07.410 +0000 ERROR ExecProcessor - message from "python...
View ArticleMultiple Criteria Searches
Very much a newb looking to get some basic information from my Sonicwall logs. Setting up the search using multiple criteria for the same field in the log file is what I am asking. I have a firewall...
View Article